United Kingdom Government Security

UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com) 44

An anonymous reader quotes the Guardian: Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...

The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."

One member of Parliament posted on Twitter "Sorry, no parliamentary email access today – we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."
  • So perhaps it isn't such a bad idea to use your home-brew email server after all.

    • Any government or big company should just hand out secure locked down devices for intranet only use (no web browsing, no USB, no nothing) with hardware VPN.

      Small cost compared to the shit caused by even a low impact hack.

      • Hm... sooner or later someone will learn how to hack their way into intranet servers anyway, for example by emulating that device VPN. Intrusions are normal. The point is that if you allow diversity, it becomes unlikely that all servers are attacked simultaneously.

        In addition, smaller data centers can afford smaller security teams, which implies better trust.

  • ... convenient excuse to regulate the internet.... how jaded am I with my government ...

  • Better passwords? (Score:5, Interesting)

    by 93 Escort Wagon ( 326346 ) on Saturday June 24, 2017 @01:07PM (#54682805)

    Wouldn't requiring two-factor auth be a better idea?

    • by symes ( 835608 )

      I have no idea why two-factor is not more common. All the stuff I have set up for personal use has it enabled but none of the corporate systems I use do (except for one that also needs a dongle). You know what I would like to see? A near field dongle-like key, something that can be embedded in a phone or keyring or ID card or something. There seems to be the belief that secure means more difficult and so many have opted for the less secure easier to access route. You can have exceptional security and easy a

  • passwords need to go (Score:2, Interesting)

    by Anonymous Coward

    Why can't the email for MPs use client side SSL certificates for authentication instead of passwords? This isn't really all that hard to do, just a little extra effort.

    This password nonsense needs to end.

  • by oobayly ( 1056050 ) on Saturday June 24, 2017 @01:26PM (#54682921)

    If they've got nothing to hide they've got nothing to fear...

    In light of all the anti-privacy legislation that the UK government has been passing, I've got to wonder if somebody's making a point.

  • a kid in his mom's basement or something

    It's like I have a twin!

  • I'm guessing the Parliament feels a bit like a kid who hasn't studied and got a snow day right now.
  • by klindsay ( 1315185 ) on Saturday June 24, 2017 @01:54PM (#54683055)
    MPs said they were unable to access their emails after the attack began.
    An email sent to all those affected, ... (outside Westminster)
    What could possibly go wrong with this means of notification?
  • Wouldn't a 'security probe' or 'multiple failed logins' or something of that nature be more accurate? I've had enough of all these bad and misleading analogies. Is computer security really so hard? Just enforce secure passwords and multifactor authentication and take it seriously. Account lockout after 10 unsuccessful attempts etc. And don't use Microsoft software of any kind.
